Automate Your Lab – Part 5 – Certificate Authority

Table Of Contents

I need a certificate authority (CA) for several things in my labs. E.g. for a SSL secured Citrix Storefront base URL – load balanced by a Netscaler. Only a few PowerShell commands are necessary to set up an AD integrated CA with the web enrollment component.

Customize your CA with variables in the script. Find the explanations of the variables below.

$CACommonName => You have to give the CA a name, mine is “dominik-lab-CA”.

$HashAlgorithmName => The default hash algorithm is SHA1 and this is normally enough for a lab, but Google Chrome doesn’t like SHA1 and you won’t get that nice green https in your address bar:


Therefore I choose SHA256 instead. SHA512 is also possible but there are some rumors that there are problems with Netscaler VPX which I use in my lab.

$Keylength => Next is key length. Most of the Citrix and VMware products require a key length of 2048 bits so I choose this.

$PeriodOfValidity => The default period of validity is two years – I prefer five years instead (although my lab will never get that old 😉 )

Your Server Manager should look like this when the script has finished:


Leave a Reply

Your email address will not be published. Required fields are marked *